On Mon, May 24, 2004 at 10:18:35AM -0700, Adesanya, Adeyemi wrote:
> 
> Hi There.
> 
> Our Ganglia monitoring system has been growing in size and popularity
> and we would like to increase its visibility by serving the frontend
> on a public web server. So far, the frontend has only been accessible
> from within our intranet or via ssh tunnel.
>
> We are seeking approval from our web team who currently do not enable
> PHP on public web servers due to security concerns. They may however
> make an exception if the web pages can run under 'PHP safe_mode'. Do
> you think their concerns are reasonable/justified? What experience do
> we have running the web frontend in safe_mode? How much additional
> work (if any) is required???

There are two major issues with PHP.  First, its default security model
means that everything runs as the webserver user.  That means PHP on a
multiuser system is inadvisable.  Second, there's a lot of REALLY crappy
PHP code out there.  One guy I know who works for an ISP says they clean
up a break-in at least once a week caused by bad PHP code.  Most of
those are caused by idiots installing outdated code they download from
untrustworthy sites.

I'm not sure what would be required to run Ganglia in safe mode.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
